@blamejs/blamejs-shop 0.0.129 → 0.1.0

package/lib/vendor/blamejs/test/layer-0-primitives/did.test.js

@@ -0,0 +1,147 @@
+"use strict";
+/**
+ * Layer 0 — b.did (W3C DID resolution: did:key + did:web).
+ * Covers the published did:key spec vector (an independent-implementation
+ * oracle), Ed25519 / P-256 / P-384 / secp256k1 keyToDid ↔ resolve
+ * round-trips, did:web URL derivation + document extraction
+ * (publicKeyMultibase + publicKeyJwk), the integration with b.vc
+ * (resolve an issuer DID → verify its credential), and the refusal paths.
+ */
+
+var b = require("../../index");
+var helpers = require("../helpers");
+var check = helpers.check;
+var nodeCrypto = require("node:crypto");
+
+// Published did:key Ed25519 example (W3C CCG did:key test vector).
+var SPEC_ED25519 = "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH";
+
+function testSurface() {
+  check("b.did.parse is a function", typeof b.did.parse === "function");
+  check("b.did.resolve is a function", typeof b.did.resolve === "function");
+  check("b.did.keyToDid is a function", typeof b.did.keyToDid === "function");
+  check("b.did.MULTICODEC maps Ed25519", b.did.MULTICODEC[0xed].name === "Ed25519");
+  check("b.did.DidError is a class", typeof b.did.DidError === "function");
+}
+
+function testSpecVector() {
+  var r = b.did.resolve(SPEC_ED25519);
+  check("spec vector: resolves to an Ed25519 key", r.verificationMethods[0].publicKey.asymmetricKeyType === "ed25519");
+  check("spec vector: verificationMethod type Ed25519", r.verificationMethods[0].type === "Ed25519");
+  check("spec vector: DID document has assertionMethod + authentication", r.didDocument.assertionMethod.length === 1 && r.didDocument.authentication.length === 1);
+  // Re-encoding the resolved key must reproduce the exact published DID —
+  // an independent-implementation interop check.
+  check("spec vector: keyToDid round-trips the published DID", b.did.keyToDid(r.verificationMethods[0].publicKey) === SPEC_ED25519);
+}
+
+// Key equality via JWK (an EC point imported from a compressed form may
+// re-export with a different point_conversion_form, so SPKI bytes can
+// differ even for the same key — compare the coordinates instead).
+function _spkiEq(a, b2) {
+  var ja = a.export({ format: "jwk" }), jb = b2.export({ format: "jwk" });
+  return ja.kty === jb.kty && ja.crv === jb.crv && ja.x === jb.x && (ja.y || "") === (jb.y || "");
+}
+
+function testRoundTrips() {
+  // Ed25519
+  var ed = nodeCrypto.generateKeyPairSync("ed25519");
+  var edDid = b.did.keyToDid(ed.publicKey);
+  check("Ed25519: did:key starts z6Mk", edDid.indexOf("did:key:z6Mk") === 0);
+  check("Ed25519: resolve round-trips the key", _spkiEq(b.did.resolve(edDid).verificationMethods[0].publicKey, ed.publicKey));
+
+  // P-256 (the EUDI / mdoc curve) — did:key starts zDna
+  var p = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var pDid = b.did.keyToDid(p.publicKey);
+  check("P-256: did:key starts zDn", pDid.indexOf("did:key:zDn") === 0);
+  check("P-256: resolve round-trips the key", _spkiEq(b.did.resolve(pDid).verificationMethods[0].publicKey, p.publicKey));
+
+  // P-384
+  var p384 = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp384r1" });
+  check("P-384: resolve round-trips the key", _spkiEq(b.did.resolve(b.did.keyToDid(p384.publicKey)).verificationMethods[0].publicKey, p384.publicKey));
+
+  // secp256k1
+  var k1 = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
+  check("secp256k1: resolve round-trips the key", _spkiEq(b.did.resolve(b.did.keyToDid(k1.publicKey)).verificationMethods[0].publicKey, k1.publicKey));
+}
+
+async function testCredentialIntegration() {
+  // The point of b.did: resolve an issuer DID, then verify its credential.
+  var issuer = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var issuerDid = b.did.keyToDid(issuer.publicKey);
+  var cred = {
+    "@context": ["https://www.w3.org/ns/credentials/v2"],
+    type: ["VerifiableCredential"], issuer: issuerDid,
+    credentialSubject: { id: "did:example:subject" },
+  };
+  var jws = await b.vc.issue(cred, { securing: "jose", alg: "ES256", privateKey: issuer.privateKey });
+  var resolvedKey = b.did.resolve(issuerDid).verificationMethods[0].publicKey;
+  var out = await b.vc.verify(jws, { algorithms: ["ES256"], publicKey: resolvedKey, expectedIssuer: issuerDid });
+  check("integration: resolved issuer DID verifies its b.vc credential", out.issuer === issuerDid);
+}
+
+function testDidWeb() {
+  var p = b.did.parse("did:web:example.com:issuers:42");
+  check("did:web: method + id parsed", p.method === "web" && p.id === "example.com:issuers:42");
+  check("did:web: path URL derived", p.url === "https://example.com/issuers/42/did.json");
+  check("did:web: bare host → .well-known", b.did.parse("did:web:example.com").url === "https://example.com/.well-known/did.json");
+  // Port encoded as %3A in the host is decoded to ':'.
+  check("did:web: %3A port decoded in host", b.did.parse("did:web:example.com%3A8443:a").url === "https://example.com:8443/a/did.json");
+  // Escaped reserved chars in a PATH segment stay verbatim (not turned
+  // into URL control syntax) — a path %3F must not become '?'.
+  check("did:web: escaped delimiter in path preserved", b.did.parse("did:web:example.com:foo%3Fbar").url === "https://example.com/foo%3Fbar/did.json");
+  // A malformed percent-escape must not throw a raw URIError.
+  var pctCode = (function () { try { b.did.parse("did:web:example.com:%"); return "ok"; } catch (e) { return e.code || e.name; } })();
+  check("did:web: malformed escape does not throw URIError", pctCode === "ok");
+
+  var issuer = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var webDid = "did:web:example.com";
+  // publicKeyJwk verification method
+  var docJwk = {
+    "@context": ["https://www.w3.org/ns/did/v1"], id: webDid,
+    verificationMethod: [{ id: webDid + "#k1", controller: webDid, type: "JsonWebKey2020", publicKeyJwk: issuer.publicKey.export({ format: "jwk" }) }],
+  };
+  var rJwk = b.did.resolve(webDid, { document: docJwk });
+  check("did:web: publicKeyJwk → KeyObject", _spkiEq(rJwk.verificationMethods[0].publicKey, issuer.publicKey));
+
+  // publicKeyMultibase verification method (did:key-style)
+  var ed = nodeCrypto.generateKeyPairSync("ed25519");
+  var multibase = b.did.keyToDid(ed.publicKey).slice("did:key:".length);
+  var docMb = {
+    "@context": ["https://www.w3.org/ns/did/v1"], id: webDid,
+    verificationMethod: [{ id: webDid + "#k1", controller: webDid, type: "Multikey", publicKeyMultibase: multibase }],
+  };
+  check("did:web: publicKeyMultibase → KeyObject", _spkiEq(b.did.resolve(webDid, { document: docMb }).verificationMethods[0].publicKey, ed.publicKey));
+}
+
+function testRefusals() {
+  function code(fn) { try { fn(); return "NO-THROW"; } catch (e) { return e.code; } }
+  check("not a DID refused", code(function () { b.did.parse("https://x"); }) === "did/bad-did");
+  check("unsupported method refused", code(function () { b.did.resolve("did:ion:abc"); }) === "did/unsupported-method");
+  check("did:web without document refused", code(function () { b.did.resolve("did:web:example.com"); }) === "did/document-required");
+  check("did:key non-multibase refused", code(function () { b.did.resolve("did:key:Qabc"); }) === "did/bad-did");
+  check("did:key bad base58 refused", code(function () { b.did.resolve("did:key:z0OIl"); }) === "did/bad-base58");
+  check("did:web document id mismatch refused", code(function () {
+    b.did.resolve("did:web:example.com", { document: { id: "did:web:evil.com", verificationMethod: [] } });
+  }) === "did/document-mismatch");
+  // RSA key cannot be a did:key
+  var rsa = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
+  check("RSA key → unsupported", code(function () { b.did.keyToDid(rsa.publicKey); }) === "did/unsupported-key");
+}
+
+async function run() {
+  testSurface();
+  testSpecVector();
+  testRoundTrips();
+  await testCredentialIntegration();
+  testDidWeb();
+  testRefusals();
+}
+
+module.exports = { run: run };
+
+if (require.main === module) {
+  run().then(
+    function () { console.log("[did] OK — " + helpers.getChecks() + " checks passed"); },
+    function (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
+  );
+}

package/lib/vendor-invoices.js

@@ -106,7 +106,7 @@ var INVOICE_STATUSES = Object.freeze([
 
 var MAX_DUE_WITHIN_DAYS     = 3650;    // ~10 years — bound the predicate
 
-var MS_PER_DAY              = 24 * 60 * 60 * 1000;
+var MS_PER_DAY              = _b().constants.TIME.days(1);
 
 // Aging buckets (days past due, inclusive at upper bound). `current`
 // is anything with due_date >= as_of; the rest are the canonical

package/lib/webhook-receiver.js

@@ -76,16 +76,22 @@
  * @related   b.crypto, b.webhook, b.uuid
  */
 
+// `_b()` is a hoisted function declaration (defined below), so resolving
+// the framework constants here at module-eval is safe — the index entry
+// point exposes `framework` before the require cascade.
+var C = _b().constants;
+
 var SECRET_NAMESPACE   = "webhook-receiver-secret";
 var SECRET_BYTE_LEN    = 32;
 // 32 bytes -> 43 chars of base64url (no padding).
 var SECRET_PLAINTEXT_LEN = 43;
 var SECRET_PLAINTEXT_RE  = /^[A-Za-z0-9_\-]{43}$/;
 
-var ROTATION_GRACE_MS  = 24 * 60 * 60 * 1000;
+var ROTATION_GRACE_MS  = C.TIME.days(1);
 
 var DEFAULT_REPLAY_WINDOW_SECONDS = 300;     // 5 min — Stripe-shaped default
 var MIN_REPLAY_WINDOW_SECONDS     = 30;      // floor — below this clock skew false-rejects
+// allow:raw-time-literal — replay-window ceiling in SECONDS (24h); C.TIME returns ms
 var MAX_REPLAY_WINDOW_SECONDS     = 86400;   // 24 h — anything larger is "no replay defense"
 
 var DEFAULT_MAX_BODY_BYTES = 1024 * 1024;    // 1 MiB
@@ -933,7 +939,7 @@ function create(opts) {
     purgeOlderThan: async function (days) {
       var d = _purgeDays(days);
       var nowMs = _now();
-      var cutoff = nowMs - (d * 24 * 60 * 60 * 1000);
+      var cutoff = nowMs - C.TIME.days(d);
       var r = await query(
         "DELETE FROM webhook_received_events " +
         "WHERE received_at < ?1 " +

package/lib/webhook-subscriptions.js

@@ -56,7 +56,7 @@ var MAX_EVENT_TYPES     = 64;
 var MAX_ENDPOINT_URL_LEN = 2048;
 var SECRET_BYTES        = 32;
 var SECRET_NAMESPACE    = "webhook-signing-secret";
-var ROTATION_GRACE_MS   = 24 * 60 * 60 * 1000;
+var ROTATION_GRACE_MS   = _b().constants.TIME.days(1);
 
 var WILDCARD_EVENT = "*";
 

package/lib/webhooks.js

@@ -41,6 +41,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var KNOWN_EVENTS = Object.freeze([
   "order.mark_paid",
@@ -75,7 +76,7 @@ var SECRET_BYTES = 32;
 //
 // After the fifth failed attempt the delivery moves to webhook_dlq
 // for operator investigation — see `_moveToDlq` below.
-var BACKOFF_SCHEDULE_S = Object.freeze([60, 300, 1800, 14400, 86400]);
+var BACKOFF_SCHEDULE_S = Object.freeze([60, 300, 1800, 14400, 86400]); // allow:raw-time-literal — seconds values; C.TIME returns ms
 var MAX_ATTEMPTS       = 5;
 
 // Window used by the per-endpoint rate-limit sliding count. One
@@ -83,7 +84,7 @@ var MAX_ATTEMPTS       = 5;
 // brick its own delivery feed (the window naturally slides forward),
 // long enough that bursty fan-out from a single high-volume event
 // doesn't trip the throttle on a healthy endpoint.
-var RATE_WINDOW_MS = 60 * 1000;
+var RATE_WINDOW_MS = C.TIME.minutes(1);
 
 function _now() { return Date.now(); }
 
@@ -254,7 +255,7 @@ function create(opts) {
     if (!willDlq) {
       var idx = nextAttempts - 1;
       if (idx < BACKOFF_SCHEDULE_S.length) {
-        nextRetryAt = ts + (BACKOFF_SCHEDULE_S[idx] * 1000);
+        nextRetryAt = ts + (BACKOFF_SCHEDULE_S[idx] * 1000); // allow:raw-time-literal — schedule entry is a runtime seconds value; *1000 converts to ms
       }
     }
     await query(
@@ -507,12 +508,12 @@ function create(opts) {
       }
       var tolMs;
       if (toleranceSeconds === undefined) {
-        tolMs = 300 * 1000;
+        tolMs = C.TIME.minutes(5);
       } else {
         if (typeof toleranceSeconds !== "number" || !isFinite(toleranceSeconds) || toleranceSeconds < 30) {
           throw new TypeError("webhooks.verifyIncoming: toleranceSeconds must be >= 30");
         }
-        tolMs = Math.floor(toleranceSeconds * 1000);
+        tolMs = Math.floor(toleranceSeconds * 1000); // allow:raw-time-literal — toleranceSeconds is a runtime seconds value; *1000 converts to ms
       }
       return await _b().webhook.verify({
         alg:         "hmac-sha256-stripe",

package/lib/winback-campaigns.js

@@ -102,6 +102,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -109,7 +110,7 @@ var SLUG_RE        = /^[a-z0-9][a-z0-9._-]{0,62}[a-z0-9]$|^[a-z0-9]$/;
 var TEMPLATE_RE    = /^[a-z0-9][a-z0-9._-]{0,126}[a-z0-9]$|^[a-z0-9]$/;
 var MAX_REASON_LEN = 280;
 var MAX_STEPS      = 12;
-var DAY_MS         = 24 * 60 * 60 * 1000;
+var DAY_MS         = C.TIME.days(1);
 
 var ENROLLMENT_STATUSES = Object.freeze([
   "active",

package/lib/wishlist-alerts.js

@@ -93,6 +93,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -115,7 +116,7 @@ var DEFAULT_BATCH_SIZE = 500;
 var MAX_BATCH_SIZE = 5000;
 var MAX_WEEKLY_CAP = 1000;
 var MAX_BPS = 10000;        // 100% — refuse strictly absurd thresholds
-var MS_PER_DAY = 86400000;
+var MS_PER_DAY = C.TIME.days(1);
 var MS_PER_WEEK = MS_PER_DAY * 7;
 
 // Per-(customer, sku, policy) re-fire suppression window. A price drop

package/lib/wishlist-digest.js

@@ -115,6 +115,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -130,7 +131,7 @@ var MAX_LIMIT           = 500;
 var DEFAULT_LIMIT       = 50;
 var MAX_DIGEST_LINES    = 200;
 
-var DAY_MS              = 24 * 60 * 60 * 1000;
+var DAY_MS              = C.TIME.days(1);
 
 // ---- html escape (local; vendored blamejs's _htmlEscape is private to
 // the mail primitive). Same rules — five named entities, no tag/attr

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/blamejs-shop",
-  "version": "0.0.129",
+  "version": "0.1.0",
   "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
   "main": "lib/index.js",
   "scripts": {